REMARKS

By this amendment, Claims 1, 15, and 22 are amended. No claims have been added or
canceled. Hence, Claims 1-30 are pending in the application. The amendments to the claims as 
indicated herein do not add any new matter to this application. Furthermore, amendments made 
to the claims as indicated herein have been made to exclusively improve readability and clarity of 
the claims and not for the purpose of overcoming alleged prior art. 

Each issue raised in the Office Action mailed September 11, 2007, is addressed 
hereinafter. 

I. ISSUES RELATING TO CLAIM AMENDMENTS 

Support for the amendments made to the claims can be found in at least the following
paragraphs of the Specification: Paragraph [0025] ("substituting the IP address in a user profile
information associated with a user of the client to create a new user profile information . . . ;
adding the new user profile information as temporary entries to the Input Access Control List at
the external interface and to the Output Access Control List at the internal interface"); and
Paragraphs [0084] - [0087] ("...Authentication Proxy 400 replaces the source IP address field of 
the command with the IP address of the client 306. . . Each modified proxy-access-list command 
is added as a temporary entry to the access control lists at the external interface 420 and internal 
interface 422"). 

II. ISSUES NOT RELATED TO ANY CITED PRIOR ART

Claims 1 and 15 are rejected under 35 U.S.C. § 112, second paragraph, for allegedly 
failing to recite the structure of each means. The rejection is respectfully traversed.

Claims invoke 35 U.S.C. § 112, sixth paragraph, when the claim limitations use the
phrase "means for" or "step for;" the "means for" or "step for" is modified by functional
language; and the phrase "means for" or "step for" is not modified by sufficient structure,
material, or acts for achieving the specified function. 35 U.S.C. § 112, sixth paragraph, states 
that a claim limitation expressed in means-plus-function language "shall be construed to cover 
the corresponding structure. . .described in the specification and equivalents thereof." (See also 
MPEP 2181, Section I and II.) The disclosure of the structure (or material or acts) may be 
implicit or inherent in the specification if it would have been clear to those skilled in the art what 
structure (or material or acts) corresponds to the means (or step)-plus-function claim limitation. 
See Atmel Corp. v. Information Storage Devices, Inc., 198 F.3d 1374, 1380, 53 USPQ2d 1225, 
1229 (Fed. Cir. 1999). 

Furthermore, claim limitations that invoke 35 U.S.C. § 112, sixth paragraph, also comply 
with the requirements of 35 U.S.C. § 112, second paragraph, "if the corresponding structure, 
material or acts are described in the specification in specific terms and one skilled in the art could 
identify the structure, material or acts from that description." (See Atmel; MPEP 2181, Section
III.)

The claim limitations at issue in Claims 1 and 15 clearly invoke 35 U.S.C. § 112, sixth 
paragraph, by having the "means for" phrase that is modified by functional language, and by not 
being modified by sufficient structure. Instead of reciting the structure of each means within the 
language of the claim, as suggested in the Office action, Claims 1 and 15 comply with the 
requirements of 35 U.S.C. § 112, sixth paragraph, by not including structure so that the claim 
limitation can be construed to cover the corresponding structure described in the specification.

Claim limitations of Claims 1 and 15 cover corresponding structures found in the
Specification. In particular, the structures that correspond to each of the claim limitations of 
Claims 1 and 15 at issue are found in at least Paragraphs [0045] to [0087] of the Specification. 
For example, the claim limitation "means for creating and storing client authorization 
information" covers at least the corresponding structure described in Paragraph [0063] of the 
Specification, among other possible embodiments described in other paragraphs of the 
Specification. 

Based on the foregoing reasons, Applicants respectfully traverse the rejection made under 
35 U.S.C. § 112, second paragraph. Reconsideration is respectfully requested.

III. ISSUES RELATING TO CITED PRIOR ART

A. CLAIMS 1-9 and 13-19, 22-23, and 25-27 — BAIZE in view of SADOVSKY

Claims 1-9 and 13-19, 22-23, and 25-27 are rejected under 35 U.S.C. § 103(a) as 
allegedly obvious over U.S. Patent No. 6,317,838, issued to Baize, et al. ("Baize"), in view of 
U.S. Patent No. 5,689,638, issued to Sitaraman, et al. ("Sitaraman"). The Office Action fails to 
present a prima facie case of unpatentability of Claims 1-9 and 13-19, 22-23, and 25-27 under 
35 U.S.C. § 103(a) because Sitaraman is not citable in this application under 35 U.S.C. 
§ 103(c)(1) and must be removed as a reference. 

Under 35 U.S.C. § 103(c)(1), as amended by the CREATE Act of 2004, which also 
extended the applicability of 35 U.S.C. § 103(c)(1) to all applications pending on its effective date 
of December 10, 2004, a reference that qualifies as prior art under 35 U.S.C. § 102(e), (f), or (g) 
is not citable against an application under 35 U.S.C. § 103(a) if the invention described in the 
application for patent and the invention described in the prior art reference applied against the 
application were commonly owned by, or subject to an obligation of assignment to, the same
person, at the time the invention in the application for patent was made. See USPTO "Frequently
Asked Questions" about 103(c), 

http://www.uspto.gov/web/offices/dcom/olia/aipa/103cfaq.htm. 

The present application is assigned to Cisco Technology, Inc., a wholly owned subsidiary 
of Cisco Systems, Inc., San Jose, California, as stated in the assignment recorded in the USPTO 
at reel 015200, frame 0111. The assignee on the face page of Sitaraman is also Cisco 
Technology, Inc. Further, at the time that the invention presented in the present application was 
made, all inventors were under an obligation to assign any later patent application to Cisco 
Technology, Inc., so that the application and the reference were, at the time the invention was 
made, owned by, or subject to an obligation of assignment to, the same person. 

Sitaraman, as applied herein, qualifies as prior art under 35 U.S.C. § 103(a) only via 35 U.S.C. § 102(e).
Sitaraman, filed on May 21, 1999, was filed within one year of the present application, which 
claims priority to U.S. Application No. 09/347,433, issued as U.S. Patent No. 6,463,474, filed on 
July 2, 1999. 

Therefore, all requirements of 35 U.S.C. § 103(c)(1) are satisfied in the present case with 
respect to Sitaraman, and Sitaraman is ineligible as a reference. Applicants respectfully request 
reconsideration and removal of Sitaraman as a reference. 

B. CLAIMS 1-9 and 13-19, 22-23, and 25-27 — BAIZE in view of SADOVSKY

Claims 1-9 and 13-19, 22-23, and 25-27 are rejected under 35 U.S.C. § 103(a) as 
allegedly obvious over U.S. Patent No. 6,317,838, issued to Baize, et al. ("Baize"), in view of 
U.S. Patent No. 5,689,638, issued to Sadovsky, et al. ("Sadovsky"). Based on the following 
arguments presented below, the rejections are respectfully traversed. 

Independent Claim 1 recites:

    means for reconfiguring the network firewall routing device to
    permit the client to communicate with the network resource
    only when the client is authorized to communicate with the
    network resource based on the authorization information,
    wherein the means for reconfiguring the network firewall
    routing device further comprises:

        means for determining a current IP address of the client;

        means for creating a new user profile information, based
        on the user profile information, that includes the
        current IP address; and

        means for adding the new user profile information as
        temporary entries to the Input Access Control List
        at the external interface and to the Output Access
        Control List at the internal interface.

(Emphases added.) According to one embodiment of the invention, the network firewall device
is reconfigured by means for adding new user profile information to access control lists at
the external interface and the internal interface of the firewall. As discussed in the previous
Reply to Office Action submitted by Applicants on July 10, 2007, one possible benefit of
reconfiguring a part of the network firewall routing device is that the configuration is maintained
indefinitely until certain conditions are met, for example, a timeout or a specific modification by
the system administrator. This allows the logical passageway to remain open even if the user and
client encounter an inadvertent or transient disconnection. (Paragraph [0091].) Using this
method, the session is not reset by the disconnection, and the firewall does not need to access the
authentication server when the user or client re-establishes the connection.

No combination of Baize in view of Sadovsky discloses each and every express element
of Claim 1. Neither Baize nor Sadovsky teaches or discloses means for reconfiguring a firewall
comprising means of adding temporary entries to access control lists at the firewall. Neither
Baize nor Sadovsky teaches or discloses means for adding new user information that includes the
current IP address as temporary entries. Instead, Baize teaches that an operational user profile is
fetched from the security server, and "any subsequent request to another server or resource may
be allowed or denied according to said operational profile." (Baize, Col. 7, lines 3-5.) Baize
teaches that a subsequent request is allowed or denied by "[applying] the application rules
(module 50) according to the operational profile." (Baize, Col. 7, lines 12-14). However,
"applying the application rules," as taught by Baize, does not teach or disclose the means for
reconfiguring the firewall as recited in Claim 1.

The Office Action also relies on Sadovsky to teach and disclose means for reconfiguring a 
network firewall routing device. However, Sadovsky does not teach any means for reconfiguring 
a firewall comprising means of adding temporary entries to access control lists. Sadovsky merely 
teaches maintaining a cache of usernames and passwords at a central server. It does not teach 
any user profile information, or any client authentication information that indicates any access 
privileges the client has with respect to the resource, as recited in Claim 1. It does not teach 
creating any new user information data that includes any current IP addresses. Therefore, 
Sadovsky does not "fill the gaps" that Baize leaves with respect to Claim 1.

Any combination of Baize with Sadovsky fails to provide the complete claimed subject 
matter of Claim 1. As one or more express elements recited in Claim 1 are not disclosed, taught, 
or suggested by Baize in view of Sadovsky, it is respectfully submitted that Claim 1 is patentable 
over the cited art and is in condition for allowance. 

Independent Claims 15 and 22 include features similar to Claim 1. It is therefore
respectfully submitted that Claims 15 and 22 are patentable over Baize in view of Sadovsky for at 
least the reasons given above with respect to Claims 15 and 22.

Claims 2-9, 13-14, 16-19, 23, and 25-27 are dependent claims, each of which depends
(directly or indirectly) on Claims 1, 15, and 22. In addition, each of Claims 2-9, 13-14, 16-19, 
23, and 25-27 introduces one or more additional features that independently render it patentable. 
Due to the fundamental differences already identified, to expedite the positive resolution of this 
case, a separate discussion of the features of Claims 2-9, 13-14, 16-19, 23, and 25-27 is not 
included at this time. The Applicant reserves the right to further point out the differences 
between the cited art and the novel features recited in the dependent claims. 

C. CLAIM 12 — BAIZE in view of SADOVSKY, in further view of COSS

Claim 12 was rejected under 35 U.S.C. § 103(a) as allegedly unpatentable over Baize in
view of Sadovsky, in further view of U.S. Patent No. 6,170,012 issued to Coss et al. The 
rejections are respectfully traversed. 

Claim 12 is a dependent claim, which depends (directly or indirectly) on Claim 1. The 
Office action relies on Coss for teaching the limitations within those dependent claims. 
However, Coss does not "fill the gaps" that Baize and Sadovsky leave with respect to 
independent Claim 1. Any combination of Baize, Sadovsky, and Coss fails to provide the 
complete claimed subject matter of Claim 1. Due to the fundamental differences already 
identified, to expedite the positive resolution of this case, a separate discussion of the features of 
Claim 12 is not included at this time. In addition, Claim 12 introduces one or more additional 
features that independently render it patentable. The Applicant reserves the right to further point 
out the differences between the cited art and the novel features recited in the dependent claims.

D. CLAIMS 10-11, 20-21, 24, and 28-30 — BAIZE in view of SADOVSKY, in
further view of KLASSEN

Claim 12 were rejected under 35 U.S.C. § 103(a) as allegedly unpatentable over Baize in 
view of Sadovsky, in further view of U.S. Patent No. 6,170,012 issued to Klassen et al. The 
rejections are respectfully traversed. 

Claims 10-11, 20-21, 24, and 28-30 are dependent claims, each of which depends 
(directly or indirectly) on Claims 1, 15, or 22. The Office action relies on Klassen for teaching 
the limitations within those dependent claims. However, Klassen does not "fill the gaps" that 
Baize and Sadovsky leave with respect to independent Claims 1, 15, or 22. Any combination of
Baize, Sadovsky, and Klassen fails to provide the complete claimed subject matter of Claims 1, 
15, or 22. Due to the fundamental differences already identified, to expedite the positive 
resolution of this case, a separate discussion of the features of Claims 10-11, 20-21, 24, and
28-30 is not included at this time. In addition, each of Claims 10-11, 20-21, 24, and 28-30
introduces one or more additional features that independently render it patentable. The Applicant 
reserves the right to further point out the differences between the cited art and the novel features 
recited in the dependent claims. 

In view of the foregoing, it is respectfully asserted that the claims are now in condition 
for allowance. 

CONCLUSION 

For the reasons set forth above, it is respectfully submitted that all of the pending claims 
are now in condition for allowance. Therefore, the issuance of a formal Notice of Allowance is 
believed next in order, and that action is most earnestly solicited.

The Examiner is respectfully requested to contact the undersigned by telephone if it is
believed that such contact would further the examination of the present application.

A petition for extension of time for one (1) month, and otherwise for the time necessary
to make this reply timely filed, is hereby made under 37 C.F.R. 1.136. The extension of time fee 
is submitted concurrently herewith. Please charge any shortages or credit any overages to 
Deposit Account No. 50-1302. 

Respectfully submitted, 

HICKMAN PALERMO TRUONG & BECKER LLP 



Dated: December 13, 2007 /RhysWCheung#58648/ 

Rhys W. Cheung 
Reg. No. 58,648 

2055 Gateway Place, Suite 550 
San Jose, CA 95110-1089 
Telephone: (408) 754-1450 
Fax: (408) 414-1076



50325-0799 (CPOL 318993)



